Good afternoon, I have a problem with an application in springboot 2.7.1 that I updated to version 3.1.1
my application uses CustomOpaqueTokenIntrospector to validate a token, the problem is that in version 3.1.1 "WebSecurityConfigurerAdapter", "cors","antMatchers", "oauth2ResourceServer().opaqueToken()" are deprecated, and honestly I'm new to this authentication and authorization.
Could you help me with an answer on how I could correct my problem, I have attached the code of my configuration classes.
下午好,我在SpringBoot 2.7.1中更新到3.1.1版的一个应用程序有问题我的应用程序使用CustomOpaqueTokenIntrospector来验证令牌,问题是在3.1.1版中“WebSecurityConfigurerAdapter”、“CORS”、“antMatcher”、“oauth2ResourceServer().opaqueToken()”是不受欢迎的,老实说,我对这种身份验证和授权还不熟悉。你能帮我解决我的问题吗?我已经附上了我的配置类的代码。
Class OpaqueSecurityConfig:
类OpaqueSecurityConfig:
package ec.edu.espe.generalapi.Config.security;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
@Configuration
public class OpaqueSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors();
http
.authorizeRequests(authz -> authz
.antMatchers(HttpMethod.GET, "/public/**", "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html", "/apiGeneral-docs/**", "swagger-ui-GeneralApi/**", "/swagger-ui-GeneralApi.html/**").permitAll()
.antMatchers(HttpMethod.POST, "/public/**").permitAll()
.anyRequest().authenticated())
.oauth2ResourceServer().opaqueToken();
}
@Bean
OpaqueTokenIntrospector tokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
return new CustomOpaqueTokenIntrospector(builder, resourceServerProps);
}
}
Class CustomOpaqueTokenIntrospector:
类CustomOpaqueTokenIntrospector:
package ec.edu.espe.generalapi.Config.security;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.web.client.RestOperations;
import java.time.Duration;
public class CustomOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
private OAuth2ResourceServerProperties.Opaquetoken opaqueTokenProps;
private RestTemplateBuilder builder;
CustomOpaqueTokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
this.opaqueTokenProps = resourceServerProps.getOpaquetoken();
this.builder = builder;
}
@Override
public OAuth2AuthenticatedPrincipal introspect(String token) {
// System.out.println(token);
RestOperations restOperations = builder
.defaultHeader("Authorization", "Bearer " + token)
.setConnectTimeout(Duration.ofSeconds(60))
.setReadTimeout(Duration.ofSeconds(60))
.build();
return new NimbusOpaqueTokenIntrospector(opaqueTokenProps.getIntrospectionUri(), restOperations).introspect(token);
}
}
and finally:
最后是:
build.gradle
Build.gradle
plugins {
id 'java'
id 'org.springframework.boot' version '3.1.3'
id 'io.spring.dependency-management' version '1.1.3'
}
group = 'example'
version = '0.0.1-SNAPSHOT'
java {
sourceCompatibility = '17'
}
repositories {
mavenCentral()
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server:3.0.0'
implementation 'org.springframework.boot:spring-boot-gradle-plugin:2.7.0'
compileOnly 'org.projectlombok:lombok'
implementation 'org.springdoc:springdoc-openapi-ui:1.6.12'
implementation 'org.springdoc:springdoc-openapi-security:1.6.12'
implementation group: 'org.postgresql', name: 'postgresql', version: '42.3.1'
runtimeOnly 'com.nimbusds:oauth2-oidc-sdk:9.2.4'
implementation 'org.springframework.boot:spring-boot-starter-actuator:2.6.1'
runtimeOnly 'com.oracle.database.jdbc:ojdbc8'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
}
tasks.named('test') {
useJUnitPlatform()
}
更多回答
优秀答案推荐
If the problem is in migration and nothing else, i mean to replace old configuration.
如果问题出在迁移上,而不是其他方面,我的意思是更换旧配置。
You should remove extends WebSecurityConfigurerAdapter
.
您应该删除扩展WebSecurityConfigurerAdapter。
The configuration class will look so:
配置类将如下所示:
@Configuration
@EnableWebSecurity
public class OpaqueSecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.cors(AbstractHttpConfigurer::disable);
http.authorizeHttpRequests(request -> {
request.requestMatchers(HttpMethod.GET,
"/public/**", "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html", "/apiGeneral-docs/**", "swagger-ui-GeneralApi/**", "/swagger-ui-GeneralApi.html/**").permitAll()
.requestMatchers(HttpMethod.POST, "/public/**").permitAll()
.anyRequest().authenticated();
});
http.oauth2ResourceServer(c -> c.opaqueToken(Customizer.withDefaults()));
return http.build();
}
@Bean
OpaqueTokenIntrospector tokenIntrospector(RestTemplateBuilder builder, OAuth2ResourceServerProperties resourceServerProps) {
return new CustomOpaqueTokenIntrospector(builder, resourceServerProps);
}
}
But i really suggest you to check next resources:
但我真的建议你去看看下一步的资源:
spring-security-without-the-websecurityconfigureradapter
spring-security-without-the-websecurity配置
Migration Guide
迁移指南
About gradle
build file also update the version for
关于Gradle构建文件还更新了
implementation 'org.springframework.boot:spring-boot-gradle-plugin:**2.7.0**'
to one that you use in project.
Implementation‘org.springframework.boot:spring-boot-gradle-plugin:**2.7.0**’到您在项目中使用的。
In Spring Security 5.7.0-M2 WebSecurityConfigurerAdapter was deprecated.
Here is how you do it now:
https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
在Spring Security 5.7.0-M2中,WebSecurityConfigurerAdapter已弃用。下面是你现在的做法:https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
更多回答
我是一名优秀的程序员,十分优秀!